On 03/08/2013 11:16 AM, David Woodhouse wrote:
> On Fri, 2013-03-08 at 10:52 -0600, Brian J. Johnson wrote:
>> We've implemented a similar "safety" check in our BIOS by modifying the
>> segment descriptors (in 32-bit mode) and the 1:1 page tables (in 64-bit
>> mode) to prohibit access to addresses 0-4095. That caught some bugs and
>> unforseen end cases in our code.
>>
>> Unfortunately this check interfered with the CSM, so we were not able to
>> use it in production. But it might be a handy option (under a PCD
>> feature flag, of course) to have available in EDK2.
>
> Surely it wouldn't affect the CSM itself, which will run in 16-bit mode
> and not care about the segment descriptors?
>
> It'll affect the UEFI-side CSM support code, but only when it's trying
> to access that first 4KiB of memory. That's relatively few call sites,
> and you could fix them up in a number of ways — temporarily loading a
> different segment selector which would allow access, perhaps.
Yes, it was the EFI-side support code. Unfortunately, it was
surprisingly hard to fix up the various reference sites in the EDK1
codebase we were using at the time. The changes extended into
LegacyBios, MpServices, UsbLegacy, ConsoleRedirectionHook, .... And
given that the EFI-side code was complex and fragile (lots of hardcoded
addresses, assumptions about the CSM's behavior, etc.) and was intended
to support a binary CSM for which we did not have any source code or an
adequate interface description, it was safest not to mess with it.
I don't believe I've tried dynamically enabling/disabling page 0 with a
more modern codebase.
There was one other non-CSM-related tweak to accommodate this feature:
we had to exclude page 0 from the memory tests.
--
Brian J. Johnson
--------------------------------------------------------------------
Ethernet (n): something used to catch the etherbunny
-- Quoted by Khan Tran
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-devel
